Makes sense. Pretty sad to have to install a tool like that to get security on a platform that is used by billions of users. Even more shocking that apps get installed just from clicking a small close button on a silly ad without even prompting for the install?
Installing random tools to hopefully get more security, though is risky also. Hopefully that tool doesn’t get compromised as it is privy to all intent activity.
> Pretty sad to have to install a tool like that to get security on a platform that is used by billions of users.
You click on a banner ad inside an app, and if you have Intent Intercept installed, it won't immediately register as an "impression" and take you to wherever the banner has been programmed to take you to by default.
Since Intent Intercept also affects the ad industry(of which Google is a big part), I don't expect Google to build a similar less-nerdy tool into Android by default.
> Installing random tools to hopefully get more security, though is risky also. Hopefully that tool doesn’t get compromised as it is privy to all intent activity.
Intent Intercept is open source(Apache License 2.0 https://github.com/k3b/intent-intercept) and its release binaries are hosted on F-Droid, arguably the most trusted Android "store" for Free and Open Source apps.
So I'm not too worried.
I think we should always be worried when installing even open source tools that are injected within operating system functions, especially tools that pull in many external libraries. It adds to the threat surface area.
However, in this case, this tool will hopefully mitigate that risk and, as you said, the creator of the OS is actually a threat too (by leaving their OS vulnerable in order to facilitate their ad business).
Having watched the video in its entirety, it is an FAQ in a powerpoint presentation format. It's not a rambling FAQ video.
There are several slides in the video that would not translate well to a text/image only blog post. It's technically possible, but I think it would look bad.
Fortunately, Ross Scott's voice is very "speed up"-friendly. I finished watching in under 25 minutes.
It would behoove several people who've had questions in this thread[1] to watch the video.
Question for rsync users on linux. Does your rsync preserve creation times --crtimes ?
I'm aware ext4/3 filesystems don't store creation times. But I want to use rsync on Linux to sync files between an NTFS(supports creation times) and a Btrfs partition(also supports creation times) without losing the creation times.
Currently rsync just sets the creation time to the modification time on the destination directory. Which is not what I want.
When I use `--crtimes` I get a "This rsync does not support --crtimes (-N)" error.
Weirdly, just using `cp -a` works. But it doesn' t have any of the checksumming and differential copy bells and whistles of rsync.
How do you rsync on linux while preserving creation times(on supported file systems)?
I just migrated from a QNAP NAS to a custom build with ZFS. I have files with creation times dating back to the 90s on my original FAT16 filesystem and I didn't want to lose them, so I recently did a (way-too-)deep dive on this, I'll summarize my notes for you.
First, ext4 actually does support creation times, called "crtime". But there's some internet confusion about it since this support predated linux kernel support, so you had to use ext4-specific tooling (on an unmounted filesystem) to access it, e.g.:
The btrfs situation is similar, but btrfs called it "otime" (for some reason?). Linux 4.11 introduced kernel-level support unified across all filesystems, calling it "btime" (birth time).
But the normal file syscalls only support reading btimes, not setting them to arbitrary values. And rsync on linux, as you saw, can't do anything the kernel doesn't have a syscall for. For a while the only option was to:
1. set the system clock
2. create a file (at which point the kernel sets btime to the system time, plus a few nanoseconds)
3. restore the system clock
Obviously a huge hack, and needs root, but tools like s-tar automated it (search for "time storm" in this manpage):
I almost gave up and spun up a Windows VM (since Windows has supported reading and writing creation times since the beginning). But then it clicked -- the kernel interface to the filesystem module takes the btime as an explicit parameter. So if you could find a kernel module that talks to the filesystem module directly (instead of going through the usual high-level file syscalls), you can pass along any btime you want. And there just so
Admittedly my only exposure to the Secure Scuttlebutt Protocol(SSB) is through manyver.se [1] - a FOSS private(optionally) social media app. And the syncing issue you mention has been one for me too. Sometimes it's even worse - it fails to sync entirely until another app restart. Maybe this is a manyverse issue, maybe a SSB issue. Either way, hitherto at least, it doesn't seem reliable.
If there are alternative ways to have an offline(over Wi-Fi/bluetooth, not internet) social media/messaging app, that works on both Android and ios, please do let me know.
At a certain point in the history of SSB the manlyverse team took over the maintenance of SSB and the apps locking until the end of a sync became the norm. Prior to this there were websocket-based web and Electron apps where you could at least see that progress was being made.
SSB always sank from the first post to the latest. IMO it's better to sync from the latest backwards.
A page such as this[1] requires javascript to be enabled to be viewable on github. Viewing any and all "/blob/" pages on github requires javascript to be enabled now. It didn't used to be this way ~1 year ago but github is slowly making javascript necessary on many pages for some annoying reason.
I could set up a redirect to the '/raw/' pages but then the syntax highlighting is gone.
The same page is perfectly viewable over plain html on gothub[2] though.
Github also seems to be hiding their "Assets" (binaries et al) on the "/releases" page for some projects behind javascript(especially older versions).[3] Something else that wasn't the case about ~1.5 years ago.
Would be great if gothub could unshackle the links to those as well[4], but that doesn't seem to work at the moment[5] .
This project appears to be a more performant(measurably so), more privacy friendly(as Microsoft won't have a record of your interest in certain projects) alternative front-end for "non logged in" github users.
Outside HN (and similar crowds) barely anyone has an issue with web pages running JavaScript. I understand the sentiment but don't think it's practical or useful/meaningful. That's how the web works, mostly. And that definitely does not justify the existence of this project -- the github website is generally fine and the use of JavaScript greatly enhances the experience especially after recent updates.
I have no problem with javascript. I think javascript can greatly add to the web experience.
"Add to" being the keyword there. Not "in lieu of".
You want to add javascript to enhance UI/UX outside the scope of what can be accomplished with plain html? Great!
You want to use javascript to add a feature that simply can't be done over plain html? Great!
You want to use javascript to hide a bunch of text on a public webpage, so those who have javascript disabled on their web browsers can't see the text, and will be forced to enable javascript, just to look at some text on a webpage? Unforgivably garbage design!
I will remind you that github used to work perfectly fine without requiring javascript merely a year ago. At least for basic perusal.
I think it is extremely silly design if I'm required to enable javascript, just to look at some text on a public webpage.
Again, nothing against javascript. But don't make it mandatory is what I'm saying, especially for casual browsing.
What will need to happen that "but JS" stops being a self-serving argument?
If it performance poorly, as with anything else, let's hear it. But I do seriously wonder: Is there a sport in breaking a websites legs and point at it, while it's lolling on the floor?
Reinventing links detracts from the UX. You can't hover over the link and see where the link goes. Modifier keys often aren't respected meaning you can't open a link in a new window/tab with just one click. Fake links also break things like screen readers.
Reinventing the text widget means you're invariably going to miss something. Maybe you'll miss a "power user" feature like keyboard navigation. Maybe you'll miss something esoteric like rendering Chinese characters or find on the page. Maybe you'll break a rarely used feature like scrolling. Maybe you'll just display random characters.
To me it seems like a large part of the pain of requiring javascript is less about breaking nojs and more that devs are using javascript to poorly/partially reimplement key browser features. I'm reminded of the "Just normal web things" post the other day.
I only discovered this because of an accidental keyboard malfunction ~10 years ago.
I pressed Ctrl+Shift+Escape to open Task Manager. And then I was confused that the list wasn't moving around. Sorted by CPU usage and still, the list just wasn't updating.
Thought I'd discovered some rare bug. So I closed task manager and then when I tried to open it up again using Ctrl+Shift+Escape, I realized the Ctrl key was already pressed.
Thank you to the grime in the walls of the key housing of my Ctrl key in my uncleaned membrane keyboard. Wouldn't have discovered this feature without you.
I just realized I've been triggering this accidentally for months if not years. Every so often I'd notice that Task Manager would stop updating and I always thought it was some kind of bug where the "Update period" would get set to "Paused". All this time it was because I pressed Ctrl.
Mozilla presumably collects this operating system version data on new installs of Firefox upon first run.
I wonder how the analytics of Firefox forks are tracked. If they can even be tracked.
Tor Browser, LibreWolf et al privacy friendly forks, block Mozilla's data collection on startup and they spoof the user agent to Windows NT 10.0 regardless of if you run them on Windown 7, 8, 10 or 11.
Hey, Congratulations on your upgrade to Windows 7!
Not 48 hours ago, I spoke highly of the benefits of Windows 7[1], as a user myself.
It is absolutely possible to use Windows 7 reasonably securely, if you take the appropriate precautions(again, see my comment)
> I can use the latest versions of Google Chrome
Firefox? Yes. Chrome? No.
Chromium 109 is the last version to support Windows 7. Here's the last working ungoogled variant [2].
Switch to LibreWolf[3] Firefox based browser with user.js modifications[3] pre-installed. Or if you don't trust librewolf, use Firefox and manually add the same user.js[4]
It's better for security than Chrome could ever hope to be.
Your web browser's javascript continues to be the predominant way for malware to make its entry. So just make sure to take the appropriate security precautions elsewhere, as mentioned in my comment [1].
> When Firefox stopped receiving upgrades I switched to Mypal browser, an open source browser specially made for Windows XP. It is cruder than Google Chrome but does the job most of the time.
Have you tried K-Meleon on Windows XP[5]? It's Old Firefox(pre-Australis) based, and still gets updates.
-----------
Windows 7 is the last legit good Microsoft Operating System.
It truly is a wonder and a delight to use and modify.
Anyway, all the very best on your Windows 7 journey. May it serve you well.
> AppLovin’s X’s are unusually tiny, so mis-taps are especially likely
This is why I use Intent Intercept - https://f-droid.org/en/packages/de.k3b.android.intentinterce...
It tells me exactly what's about to happen from my tap(accidental or intentional), and gives me the option to undo my tap.
Every privacy/security conscious Android user should have Intent Intercept installed on their devices already.